Security News

Apple Safari Flaws Enable One-Click Webcam Access
2020-04-06 18:43

To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one malicious link. Security researcher Ryan Pickren has revealed details on seven flaws in Safari, including three that could be used in a kill chain to access victims' webcams.

Will Apple’s “microphone switch” stop your iPad getting bugged?
2020-04-06 15:23

There's been a bit of a buzz in the news lately over an "Epic new feature" in the next Apple iPad model - the one that's supposed to come out this year. A real-life, break-in-the-wire(ish) microphone switch so that you can be sure that your iPad really isn't recording you while you're in your car or sitting around at home.

How to keep your Apple devices updated automatically
2020-04-06 13:26

One way to ensure this is to update your Apple systems automatically and to have the App Store automatically update your apps as well. I'll explain how to keep iOS and macOS devices and apps up-to-date without lifting a finger when new updates are available.

Apple Awards Researcher $75,000 for Camera Hacking Vulnerabilities
2020-04-03 13:59

A white hat hacker says he has earned $75,000 from Apple for reporting several Safari vulnerabilities that can be exploited to hijack the camera and microphone of devices running iOS or macOS. Researcher Ryan Pickren identified a total of seven vulnerabilities in Apple's Safari web browser, three of which can be exploited to spy on users through the camera and microphone of their iPhone, iPad or Mac computer. Apple patched the vulnerabilities that allow hackers to spy on users in January, while the other flaws were fixed in March.

Apple's latest macOS Catalina update mysteriously borks SSH for some unlucky fans. What could be the cause?
2020-04-01 10:30

Apple's latest update to macOS Catalina appears to have broken SSH for some users. The issue is that under Apple's macOS 10.15.4 update, released on March 24, trying to open a SSH connection to a port greater than 8192 using a server name, rather than an IP address, no longer works - for some users at least.

Apple’s iOS 13.4 hit by VPN bypass vulnerability
2020-03-30 13:43

Publicised by ProtonVPN, the issue is a bypass flaw caused by iOS not closing existing connections as it establishes a VPN tunnel, affecting iOS 13.3.1 as well as the latest version. A VPN app should open a private connection to a dedicated server through which all internet traffic from the device is routed before being forwarded to the website or service someone is accessing.

Apple Unpatched VPN Bypass Bug Impacts iOS 13, Warn Researchers
2020-03-27 14:43

Researchers said the Apple VPN bypass bug in iOS fails to terminate all existing connections and leaves a limited amount of data unprotected, such as a device's IP address, exposing it for a limited window of time. "Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel," researchers explained in a technical analysis of the flaw.

Apple Safari now blocks all third-party cookies by default
2020-03-26 14:10

"The long wait is over," Apple WebKit engineer John Wilander announced on Tuesday: the latest update to the Safari browser is blocking third-party cookies by default for all users. We've added so many restrictions to ITP since its initial release in 2017 that we are now at a place where most third-party cookies are already blocked in Safari.

Apple Enables Full Third-Party Cookie Blocking in Safari
2020-03-26 11:53

Apple this week announced that third-party cookies are now blocked by default in Safari on macOS, iOS and iPadOS. The feature represents the latest enhancement the Cupertino-based company brought to its Intelligent Tracking Prevention and is meant to improve the privacy of its users by removing previously accepted exceptions. Due to continuous improvements made to ITP, most third-party cookies were already blocked in Safari, but other browser makers are also moving toward blocking cookies by default, and Apple decided to make the final step before others.

Apple delivers March 2020 security updates for iDevices and software
2020-03-26 11:37

If you haven't yet opted for automatic Apple security updates, it's time to update your iDevices and software again. The security update for Xcode - an integrated development environment for macOS containing a suite of software development tools developed by Apple for developing software for macOS, iOS, iPadOS, watchOS, and tvOS - offers no details about fixed security issues.